Sendmail + Gmail

From Jonathan Gardner's Tech Wiki

Introduction

Sending email from your computer directly to your recipients is likely not an option. Your ISP probably blocks outgoing port 25, for good reason. Email providers don't accept incoming email except from reputable sources. Even if you're running a small business, your email servers will never get the kind of reputation they need to send email as a peer in our current email ecosystem.

Hope is not lost, however! You probably have a Gmail account, and it's actually pretty easy to have all the email pass through that. Gmail will need you to verify your account name and password over a secure connection, but that is rather trivial.

The limitation is that ALL email from a system will go through YOUR account. If you want to send as someone else, you'll have to bypass the default sendmail system.

Alternatives include Amazon's SES, which is a robust system that can send bulk email well.

Compatibility

These instructions should work for Fedora 17 (Beefy Miracle).

For other systems, I try to mention what it is that makes it work so you can adapt to your system.

If you let me know what works on your system, I'll add your notes here.

Packages

Install:

  • sendmail
  • sendmail-cf
  • cyrus-sasl

Config

All the following is done as root. You can either login as root or use sudo.

How Configuration Works

Sendmail reads the configuration in /etc/mail. Note that you'll be editing files that need to be compiled into the actual files that sendmail uses. Luckily, there is a Makefile that will do what needs to be done. The Makefile is rather simple for Fedora: it just calls the make script in the same directory. We're going to try to take advantage of the defaults that the Makefile uses.

The sendmail.service script (see /usr/lib/systemd/sendmail.service) will run make and make aliases each time you restart it, so you don't need to manually make things.

Git setup

I use git to track changes to config, so the first thing I do is get that set up.

Note that if you're working as root, you'll need to set up your email and username for git.

cd /etc/mail
git init
git add .
git commit -m "Initial commit."

Now, all changes I make can be seen through these two simple commands:

git status
git diff

When I am happy with the state, I commit it with:

git add .
git commit -m "My commit comment"

If I am unhappy, I can always revert the diff manually.

Create authinfo

Create a file /etc/mail/authinfo. Note that /etc/mail/make will create a hash table /etc/mail/authinfo.db from this file.

In that file, add two lines:

AuthInfo:smtp.gmail.com "U:root" "I:<your email>" "P:<your password>"
AuthInfo:smtp.gmail.com:587 "U:root" "I:<your email>" "P:<your password>"

<your email> is the email address you want to send as. If you're using standard Gmail, this is something@gmail.com. If you're using Google Apps, this is whatever your login is. <your password> is the password for that account. Note that anyone who can read this file can read your password. Keep the file readable only by root, and restrict who can log in as root or use sudo, because anyone who can will get your password.

This file, as I mentioned earlier, will be compiled into authinfo.db by the make script. So you're done here.
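
The permission concern above as a runnable check (an added example, not part of the original page): it reports whether authinfo or the compiled authinfo.db is readable by group or others, and whether either file is tracked by the git repository set up earlier in /etc/mail, where git add . would commit the password. The function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are assumptions.

# audit_file PATH -> "ok", "missing", or "exposed" (group/other have any bit set)
audit_file() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo "ok"; else echo "exposed"; fi
}

# audit_git DIR FILE -> "tracked" if FILE is staged or committed in DIR's repo
audit_git() {
    if command -v git >/dev/null 2>&1 &&
       (cd "$1" && git ls-files --error-unmatch "$2") >/dev/null 2>&1; then
        echo "tracked"
    else
        echo "untracked"
    fi
}

# audit_authinfo DIR -> prints one line per finding, returns 1 on any problem
audit_authinfo() {
    dir=$1
    rc=0
    for f in authinfo authinfo.db; do
        state=$(audit_file "$dir/$f")
        echo "$f: $state"
        [ "$state" = "exposed" ] && rc=1
        if [ "$(audit_git "$dir" "$f")" = "tracked" ]; then
            echo "$f: tracked by git, the password is in the repository"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit_authinfo.sh /etc/mail
if [ $# -gt 0 ]; then audit_authinfo "$1"; fi
```

If a file is reported as exposed, chmod 600 fixes the mode; a tracked authinfo needs to be removed from the index and listed in .gitignore before the next commit.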

Generate sendmail.pem

There are instructions on how to do this in /etc/mail/sendmail.mc.

dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /etc/pki/tls/certs usage

When asked for information, try to provide as little as possible. That means leave the host name, the email, and other optional fields blank.

Modify sendmail.mc

Here's a diff of the changes you need to make to sendmail.mc:

diff --git a/sendmail.mc b/sendmail.mc
index 6c4c18e..509b80c 100644
--- a/sendmail.mc
+++ b/sendmail.mc
@@ -23,7 +23,9 @@ dnl #
 dnl # Uncomment and edit the following line if your outgoing mail needs to
 dnl # be sent out through an external mail server:
 dnl #
-dnl define(`SMART_HOST', `smtp.your.provider')dnl
+define(`SMART_HOST', `smtp.gmail.com')dnl
+define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
+define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl
 dnl #
 define(`confDEF_USER_ID', ``8:12)dnl
 dnl define(`confAUTO_REBUILD')dnl
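
Review bot: The two added port overrides (RELAY_MAILER_ARGS and ESMTP_MAILER_ARGS, both TCP $h 587) carry no comment explaining why 587 is used; add a dnl line above them saying that this is the submission port and that port 25 to smtp.gmail.com is not reachable, so a later editor does not revert it. Separately, the context line define(`confDEF_USER_ID', ``8:12)dnl shows unbalanced m4 quotes as rendered here; confirm the real file closes them, because an unclosed quote makes m4 swallow the lines that follow.
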
@@ -50,17 +52,19 @@ dnl # guaranteed secure.
 dnl # Please remember that saslauthd needs to be running for AUTH. 
 dnl #
 dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
-dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
+define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 dnl #
 dnl # Rudimentary information on creating certificates for sendmail TLS:
 dnl #     cd /etc/pki/tls/certs; make sendmail.pem
 dnl # Complete usage:
 dnl #     make -C /etc/pki/tls/certs usage
 dnl #
-dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
-dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
-dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
-dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
+define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
+define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
+define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
 dnl #
 dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
 dnl # slapd, which requires the file to be readble by group ldap
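
Review bot: Uncommenting confAUTH_MECHANISMS with the full list enables LOGIN and PLAIN, which hand the Gmail password to the peer unprotected unless TLS is already active, and nothing in this hunk states or enforces that requirement. Trim the list to the mechanisms actually needed for smtp.gmail.com and add a dnl comment that AUTH must only happen after STARTTLS. The confSERVER_* and confCLIENT_* lines all point at the same sendmail.pem, which holds both certificate and private key; a comment on the expected owner and mode of that file would help.
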
@@ -173,6 +177,7 @@ dnl MASQUERADE_DOMAIN(localhost)dnl
 dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
 dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
 dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
+FEATURE(`authinfo',`hash /etc/mail/authinfo')dnl
 MAILER(smtp)dnl
 MAILER(procmail)dnl
 dnl MAILER(cyrusv2)dnl
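
Review bot: The added FEATURE(`authinfo',`hash /etc/mail/authinfo') line makes sendmail depend on a map that stores the Gmail password, but the change says nothing about protecting it; add a dnl line above it stating that authinfo and authinfo.db must be root-owned and not group- or world-readable. The placement before MAILER(smtp) is correct and should be kept if the line is ever moved.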

Restart Sendmail

systemctl restart sendmail.service

Now you should have a working system.

Testing

In one console window, run:

tail -f /var/log/maillog

In another, run:

echo "Testing" | mail -s "Testing" <your email>

This should send an email to <your email>.

Git Commit

After you have everything working, be sure to git commit.

.forward

You may want to set up a forwarding address for root.

echo "you@example.com" > ~/.forward
chmod 400 ~/.forward

This will ensure that all of root's email will go to you.

You can also add this to individual user accounts.

Ubuntu 10.04

The instructions for Ubuntu parallel Fedora's, except that they have slightly different ways of doing things.

Packages

  • sendmail
  • sendmail-bin
  • make

Install the above with:

sudo apt-get install sendmail sendmail-bin make

How Configuration Works

Ubuntu has a more complicated Makefile in /etc/mail.

This Makefile doesn't seem to have a section for the authinfo file. That's OK, it's pretty easy to add it.

Like Fedora, starting sendmail kicks off the make process, provided you have make installed.

Modifying

Copy the rule for making access.db but change access to authinfo. Be sure to add authinfo and authinfo.db to the related lists.

Add the changes from the Fedora section near the bottom of sendmail.mc. It seems to work fine without the SSL stuff.


Debugging

smtp.gmail.com: No route to host

This occurs because you likely can't connect to port 25 on smtp.gmail.com. The solution is to set your RELAY_MAILER_ARGS to TCP $h 587. See above for the diff file for sendmail.mc.

Service Unavailable

I saw this error when I set up a new Gmail account for my Google Apps account. I hadn't initialized it yet by accepting the terms and conditions, so it bounced.